enproxy

package
v0.0.0-...-f80bafb
Warning

This package is not in the latest version of its module.

Published: May 14, 2026 License: BSD-3-Clause, BSD-3-Clause Imports: 25 Imported by: 0

Documentation

Overview

Package enproxy provides a complete proxy implementation with support for HTTP, HTTP/2, and NASSH, with OAuth authentication, all behind a simple API.

This package glues together the default Go net/http/httputil ReverseProxy, packaged in proxy/httpp, and the SSH over HTTPS implementation in proxy/nasshp, with a frontend server implemented using net/http, packaged in lib/khttp.

The simplest use of this library is via flags:

import (
    "flag"
    "math/rand"

    "github.com/ccontavalli/enkit/lib/kflags"
    // Secure random numbers.
    "github.com/ccontavalli/enkit/lib/srand"
)

flags := enproxy.DefaultFlags()
// Register also takes a prefix string; pass "" for none.
flags.Register(&kflags.GoFlagSet{FlagSet: flag.CommandLine}, "")

// Parse flags after registering them!!
flag.Parse()

rng := rand.New(srand.Source)
proxy, err := enproxy.New(rng, enproxy.FromFlags(flags))
if err != nil {
  ...
}

proxy.Run()

You can, of course, create a proxy manually with the desired options. In that case, you want to use `WithConfig` and other `With.*` modifiers to set all the desired options.

Functions

func OpenConfigBinding

func OpenConfigBinding(rng *rand.Rand, flags *Flags) (config.StoreWorkspace, config.Store, config.Binding, bool, error)

OpenConfigBinding opens the config store entry selected by flags.

The boolean return value (explicit) reports whether the caller selected an explicit --config path instead of the implicit default config target.

func ParseConfigBinding

func ParseConfigBinding(binding config.Binding, defaultNasshRelayHost string) (Config, Warnings, error)

ParseConfigBinding loads the bound config as the current Config format, normalizes representable defaults, and validates the resulting config.

Types

type Config

type Config struct {
	ProxyModules   map[string]ProxyModule
	NasshModules   map[string]NasshModule
	MetricsModules map[string]MetricsModule

	// Which URLs to map to which modules or targets.
	Mapping []Mapping
	// Extra domains for which to obtain a certificate.
	Domains []string
	// List of allowed tunnels.
	Tunnels []string
}

Config is the content of the proxy configuration file.

func EffectiveConfig

func EffectiveConfig(config Config, defaultNasshRelayHost string) (Config, error)

EffectiveConfig returns the result of NormalizeConfig; it is kept for backward compatibility.

func NormalizeConfig

func NormalizeConfig(config Config, defaultNasshRelayHost string) (Config, error)

NormalizeConfig returns a copy of config with representable runtime defaults applied explicitly.

func (*Config) Parse

func (config *Config) Parse() (utils.PatternList, Warnings, error)

Parse verifies and indexes a loaded Config.

Returns the parsed whitelist of tunnels allowed, followed by a list of warnings.

type ConfigNormalizer

type ConfigNormalizer struct {
	// contains filtered or unexported fields
}

ConfigNormalizer materializes the effective config seen by CLI inspection and runtime reload.

NormalizeConfig applies representable target defaults and cross-cutting policy rewrites that are part of the config enproxy will actually use. The result is what Parse, ApplyConfigStruct, config check, and config print all consume so those paths stay in sync.

func NewConfigNormalizer

func NewConfigNormalizer(defaultNasshRelayHost string, withoutAuthentication, unsafeIgnoreAuthentication bool) (*ConfigNormalizer, error)

NewConfigNormalizer returns a normalizer configured with the provided runtime defaults and authentication policy.

func (*ConfigNormalizer) NormalizeConfig

func (normalizer *ConfigNormalizer) NormalizeConfig(config Config) (Config, Warnings, error)

NormalizeConfig returns a copy of config with representable runtime defaults and policy rewrites applied explicitly.

func (*ConfigNormalizer) ParseConfigBinding

func (normalizer *ConfigNormalizer) ParseConfigBinding(binding config.Binding) (Config, Warnings, error)

ParseConfigBinding loads the bound config as the current Config format, normalizes representable defaults, and validates the resulting config.

type Enproxy

type Enproxy struct {
	// contains filtered or unexported fields
}

func New

func New(rng *rand.Rand, mods ...Modifier) (*Enproxy, error)

New constructs an Enproxy by applying modifiers in order.

Modifier order is part of the API. Callers are expected to choose a coherent sequence, and later modifiers override earlier ones.

func (*Enproxy) ApplyConfigFile

func (ep *Enproxy) ApplyConfigFile(name string, data []byte) error

func (*Enproxy) ApplyConfigStruct

func (ep *Enproxy) ApplyConfigStruct(config Config) error

func (*Enproxy) Close

func (ep *Enproxy) Close() error

func (*Enproxy) ReloadConfig

func (ep *Enproxy) ReloadConfig() error

ReloadConfig reloads the active config from the configured store binding.

func (*Enproxy) Run

func (ep *Enproxy) Run() error

func (*Enproxy) RunMetrics

func (ep *Enproxy) RunMetrics() error

func (*Enproxy) RunProxy

func (ep *Enproxy) RunProxy() error

type Flags

type Flags struct {
	Http       *khttp.Flags
	Oauth      *oauth.RedirectorFlags
	Nassh      *nasshp.Flags
	Prometheus *khttp.Flags
	// ConfigStore controls the backend used to resolve and read --config.
	ConfigStore *factory.Flags

	// ConfigPath identifies the config entry to read from ConfigStore.
	ConfigPath string
	// ConfigMissing controls what happens when the selected config is missing.
	ConfigMissing              MissingConfigPolicy
	DisabledAuthentication     bool
	UnsafeIgnoreAuthentication bool
}

Flags represents command line flags necessary to define a proxy.

func DefaultFlags

func DefaultFlags() *Flags

DefaultFlags returns the default flags.

The defaults are generally valid and working, except for mandatory configuration parameters.

func (*Flags) Register

func (fl *Flags) Register(set kflags.FlagSet, prefix string) *Flags

Register registers the flags necessary to configure enproxy.

type Mapping

type Mapping struct {
	Name   string
	From   httpp.HostPath
	Auth   httpp.MappingAuth
	Module string
	Target Target
}

type MetricsModule

type MetricsModule struct {
}

type MetricsTarget

type MetricsTarget struct {
}

type MissingConfigPolicy

type MissingConfigPolicy string

const (
	MissingConfigAuto     MissingConfigPolicy = "auto"
	MissingConfigEmbedded MissingConfigPolicy = "embedded"
	MissingConfigError    MissingConfigPolicy = "error"
)

func (MissingConfigPolicy) Valid

func (m MissingConfigPolicy) Valid() bool

type Modifier

type Modifier func(opt *Options) error

Modifier updates enproxy construction options.

Modifiers are applied in order, and later modifiers win. In particular, config source modifiers such as FromFlags, WithConfig, WithConfigFile, and WithConfigStore intentionally override earlier config sources.

func FromFlags

func FromFlags(flags *Flags) Modifier

FromFlags applies the current CLI configuration to enproxy.

Like every other modifier, order matters: later modifiers may override the config source, HTTP starter, metrics starter, or authentication configured here. FromFlags is intentionally a thin wrapper around the corresponding With* modifiers. It also loads the selected config store binding immediately, so apply WithDefaultConfigFile before FromFlags if you want embedded fallback to participate in missing-config handling.

func WithAuthenticator

func WithAuthenticator(auth oauth.Authenticate) Modifier

func WithConfig

func WithConfig(config Config) Modifier

func WithConfigFile

func WithConfigFile(name string, data []byte) Modifier

WithConfigFile parses the provided config immediately and overrides any earlier config source modifier.

func WithConfigMissing

func WithConfigMissing(policy MissingConfigPolicy) Modifier

func WithConfigStore

func WithConfigStore(workspace config.StoreWorkspace, store config.Store, binding config.Binding) Modifier

WithConfigStore installs an explicitly selected config store binding and loads it immediately.

Order matters: later config source modifiers override earlier ones. Apply WithDefaultConfigFile before WithConfigStore if you want the embedded config to be used as the missing-config fallback when the missing-config policy allows it.

func WithDefaultConfigFile

func WithDefaultConfigFile(name string, data []byte) Modifier

WithDefaultConfigFile provides an embedded fallback config used when the selected config is missing and the missing-config policy allows it.

Order matters: apply this before WithConfigStore or FromFlags if you want it to affect their eager config loading.

func WithDefaultConfigStore

func WithDefaultConfigStore(workspace config.StoreWorkspace, store config.Store, binding config.Binding) Modifier

WithDefaultConfigStore installs the implicit default config store binding and loads it immediately.

Order matters: later config source modifiers override earlier ones. Apply WithDefaultConfigFile before WithDefaultConfigStore if you want the embedded config to be used as the missing-config fallback when the missing-config policy allows it.
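
The ordering rule above, shown as a self-contained model; this is an added example, not enproxy's own code. The lowercase names (options, withDefaultConfigFile, withConfigStore, build) are hypothetical stand-ins for the real types, and the model assumes a missing-config policy that permits the embedded fallback.

```go
package main

import (
	"errors"
	"fmt"
)

// options stands in for enproxy.Options, whose real fields are unexported.
type options struct{ config, fallback string }
type modifier func(*options) error

var errMissing = errors.New("selected config is missing and no fallback is set")

// withDefaultConfigFile only records an embedded fallback; it loads nothing.
func withDefaultConfigFile(data string) modifier {
	return func(o *options) error { o.fallback = data; return nil }
}

// withConfigStore loads eagerly, at the moment it is applied, so it can
// only use a fallback that an earlier modifier has already installed.
func withConfigStore(load func() (string, bool)) modifier {
	return func(o *options) error {
		if data, ok := load(); ok {
			o.config = data
		} else if o.fallback != "" {
			o.config = o.fallback
		} else {
			return errMissing
		}
		return nil
	}
}

// build applies the modifiers in order and returns the resulting config.
func build(mods ...modifier) (string, error) {
	var o options
	for _, m := range mods {
		if err := m(&o); err != nil {
			return "", err
		}
	}
	return o.config, nil
}

func main() {
	missing := func() (string, bool) { return "", false } // constructed: store has no entry
	fmt.Println(build(withDefaultConfigFile("embedded"), withConfigStore(missing)))
	fmt.Println(build(withConfigStore(missing), withDefaultConfigFile("embedded")))
}
```

With the fallback registered first the build succeeds on the embedded config; with the order reversed the eager load fails before the fallback is ever seen.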

func WithDisabledAuthentication

func WithDisabledAuthentication(disabled bool) Modifier

func WithDisabledNasshAuthentication

func WithDisabledNasshAuthentication(disabled bool) Modifier

WithDisabledNasshAuthentication disables authentication only for NASSH routes.

func WithHttpFlags

func WithHttpFlags(flags *khttp.Flags) Modifier

func WithHttpStarter

func WithHttpStarter(starter Starter) Modifier

func WithLogging

func WithLogging(logger logger.Logger) Modifier

func WithMetricsFlags

func WithMetricsFlags(flags *khttp.Flags) Modifier

func WithMetricsStarter

func WithMetricsStarter(starter Starter) Modifier

func WithNasshpMods

func WithNasshpMods(nmods ...nasshp.Modifier) Modifier

func WithOauthCookieStripper

func WithOauthCookieStripper(baseCookie string) Modifier

func WithOauthRedirector

func WithOauthRedirector(rflags *oauth.RedirectorFlags) Modifier

func WithPrometheus

func WithPrometheus(gatherer prometheus.Gatherer, register prometheus.Registerer) Modifier

func WithProxyMods

func WithProxyMods(pmods ...httpp.Modifier) Modifier

func WithUnsafeIgnoreAuthentication

func WithUnsafeIgnoreAuthentication(unsafe bool) Modifier

type Modifiers

type Modifiers []Modifier

func RuntimeModifiersFromFlags

func RuntimeModifiersFromFlags(flags *Flags) (Modifiers, error)

RuntimeModifiersFromFlags returns the non-config modifiers implied by flags.

Callers that already hold a config snapshot can combine these with WithConfig to validate or start enproxy without reopening the configured store.

func (Modifiers) Apply

func (mods Modifiers) Apply(o *Options) error

type NasshModule

type NasshModule struct {
	RelayHost string
}

type NasshTarget

type NasshTarget struct {
	RelayHost string
}

type Options

type Options struct {
	// contains filtered or unexported fields
}

type ProxyModule

type ProxyModule struct {
	To        string
	Transform *httpp.Transform
}

type ProxyTarget

type ProxyTarget struct {
	To        string
	Transform *httpp.Transform
}

type RouteRegistrar

type RouteRegistrar func(from *httpp.HostPath, label string, handler http.Handler) error

RouteRegistrar records an HTTP handler for one route produced by modulePlan.Map.

If from is nil, the mapping's configured From value is used. A non-nil from lets a module expand one mapping into multiple concrete routes, such as module-owned paths or relay host aliases. label is used for routing metadata and diagnostics; handler is the HTTP handler to install if the config commits.

type Starter

type Starter func(log logger.Printer, handler http.Handler, domains ...string) error

Starter is a function capable of starting a web server.

It requires a logger, an http.Handler (typically some form of mux), and a list of domains for which an HTTPS certificate is necessary.

func StarterFromFlags

func StarterFromFlags(flags *khttp.Flags) Starter

StarterFromFlags creates a Starter from khttp.Flags.

type Target

type Target struct {
	Proxy   *ProxyTarget
	Nassh   *NasshTarget
	Metrics *MetricsTarget
}

type Warnings

type Warnings []string

Warnings represents a list of warnings.

func (*Warnings) Add

func (w *Warnings) Add(warning string)

Add adds a new warning.

func (*Warnings) AddOnce

func (w *Warnings) AddOnce(warning string)

func (*Warnings) Print

func (w *Warnings) Print(printer logger.Printer)

Print prints the list of warnings.

For example:

warnings.Print(log.Printf)

or:

warnings.Print(klogger.Warnf)
